WASHINGTON (Sputnik) — The GAO observed that each of the US military services has separate working groups in place to plan for implementing the guidance.
“[The Department of Defense] is in the planning stages of implementing new cybersecurity guidance, by March 2018, to protect its industrial control systems (ICS), which are computer-controlled systems that monitor or operate physical utility infrastructure,” the report, issued on Thursday, said.
However, the US armed services face three implementation challenges, the report cautioned. They include inventorying their installations’ ICS; ensuring personnel with expertise in both ICS and cybersecurity are trained and in place as well as programming and identifying funding for implementation.
By February 2015, none of the armed services had a complete inventory of ICS on their installations, the report noted.
“Without overcoming these challenges, [the Department of Defense’s] ICS may be vulnerable to cyber incidents that could degrade operations and negatively impact missions.”
US Military Bases Failing to Report Major Power Outages to Pentagon
US military facilities are not reporting to the Department of Defense all disruptions of power service lasting eight hours or longer even though some cost millions of dollars, a Government Accountability Office (GAO) report also said.
“[The Defense Department] collection and reporting of utility disruption data is not comprehensive and contains inaccuracies, because not all types and instances of utility disruptions have been reported and there are inaccuracies in reporting of disruptions' duration and cost.”
In the data call for the Energy Reports, officials stated that military installations are not reporting all disruptions that meet the Defense Department criteria of commercial utility service disruptions lasting eight hours or longer, the GAO pointed out.
“In its Energy Reports, [the Defense Department] is also not including information on disruptions” to Defense Department-owned utility infrastructure, the GAO said.
There also were inaccuracies in the reported data, the GAO noted.
About $4.63 million of the $7 million in costs reported by the Defense Department in its June 2013 Energy Report “were indirect costs, such as lost productivity,” although the Department “has directed that such costs not be reported,” the GAO added.
Without collecting and reporting complete and accurate data, decision makers in Defense Department may be hindered in their ability to plan effectively for mitigating against utility disruptions and enhance utility resilience, the GAO concluded.
